Zero out the first byte of the stack canary value on 64 bit systems, in order to prevent unterminated C string overflows from being able to successfully overwrite the canary, even if an attacker somehow guessed or obtained the canary value.
Inspired by execshield ascii-armor and PaX/grsecurity. Thanks to Daniel Micay for extracting code of similar functionality from PaX/grsecurity and making it easy to find in his linux-hardened git tree on https://github.com/thestinger/linux-hardened/
